The Cyberattacks We Don’t Hear About But Should

Some cyberattacks make it to the front pages of mainstream publications. We’ve read about the breach at Target of 40 million payment cards, and the cyberattack on Yahoo that compromised data from more than 1 billion user accounts. All these highly publicized cyberattacks have one thing in common: they involve customer data.

nativo_cyber_security_2017_2.jpg

No wonder then that customer privacy is on the minds of CEOs, according to “Now or Never,” Forbes Insights’ and KPMG’s CEO outlook. Eighty-two percent of CEOs are concerned that their company may be less worried about privacy than their customers are.

But there is also another type of cyberattack, the kind that we are less likely to read or hear about. These are the attacks that target proprietary corporate information, seeking to find out what is “beneath the covers” of an organization.

Greg Bell, Co-Leader, Global Cyber Security at KPMG International, categorizes such attacks into three types. The first type is an attack seeking broad competitive information that could include intellectual property, pricing information or bidding information. There are also attacks on operational information, which can either tamper with data or make critical data unavailable. The third type is getting access to conversations about potential mergers, acquisitions or strategic priorities.

It is to a large degree due to these “beneath the covers” attacks that cybersecurity is now the number one risk for CEOs, as revealed in “Now or Never.” In Bell’s estimation, attacks on corporate data constitute a third of all cyberattacks on businesses, with the remaining two-thirds being attacks involving customer data.

“Such attacks can be very impactful on the ability to execute business strategy,” says Bell. “We’re seeing losses in billions of dollars. When unique intellectual property, the basis of competitive advantage, disappears overnight the outcomes can be disastrous.”

Bell cites an example of a manufacturing company with a premium-priced, high-quality product. The company saw its market share degrading, and its customers started to complain about lower product quality. That came as a surprise since the company tested every unit before shipping, and the test results showed the usual high quality. The culprit was the quality control system itself, which had been hacked and thus giving false readings.

Though the awareness of the impact of breaches of corporate data is growing, it is much harder to know about such breaches than it is about hacks involving customer data. Affected companies are working with law enforcement, government agencies and consultancies. Because these are open investigations that involve proprietary data, information about them doesn’t get disclosed immediately, and they are not talked about publicly. In contrast, CEOs are open to sharing their vulnerabilities for  the purpose of strengthening defenses against customer data breaches. A large majority, 82%, of CEOs say that they are willing to share their experiences of a privacy breach with peers, according to “Now or Never.”

“Until we get more transparency about the breaches of corporate data, we’ll continue to have these surprises happen,” says Bell. “Companies are just not aware of the nature of these attacks. The knowledge-sharing is a lot better now than it has been in the past, but it’s still not where we need to be.”

CEOs realize they can be surprised by a cyberattack. Seventy-two percent of CEOs say they are not fully prepared for a cyber event, a significantly higher proportion than in 2015 (50%), according to “Now or Never.”

The report also reveals that cybersecurity is correlated with performance. More CEOs from top-performing companies believe that they are fully prepared for a cyber event. On a positive note, Bell says that executives are beginning to treat cybersecurity as a business risk and not just a technology risk.

Cyberattacks can become a major impediment to growth, and each major decision needs to be looked at through the cybersecurity lens. “Cybersecurity cannot be the last thing on the checklist,” says Bell.

Learn how Cox Business can help keep your business safe

This article was written by Kasia Moreno from Forbes and was legally licensed through the NewsCred publisher network.

Kasia Moreno

Kasia Moreno

Editorial Director at Forbes Insights
I am an editorial director at Forbes Insights, the thought leadership and strategic research arm of Forbes Media. I write about what gives corporations advantage in terms of innovation, technology, diversity and talent management. I also cover global wealth. My personal advantage as a financial and business writer stems from having covered many sides of business as a writer and editor at Forbes. My areas of coverage have included personal and corporate finance, international wealth and business, and health. I am also an entrepreneur, as I run a boutique content provider, McParlin Partners.
Kasia Moreno

Latest posts by Kasia Moreno